Mutual Certificates Security

The Mutual Certificates Security mechanism uses security through authentication
and message protection to ensure integrity and confidentiality. This mechanism
requires a keystore and truststore file for both the client and server sides
of the application.

The following server-side options need to be configured for this security
mechanism:

Keystore: Configure the
Keystore to specify the alias identifying the service certificate and private
key. For the GlassFish Keystores, the file is keystore.jks and
the alias is xws-security-server, assuming that you have
updated the GlassFish default certificate stores.

Truststore (no alias): Configure
the Truststore to specify the alias that contains the certificate and trusted
roots of the client. For the GlassFish Truststores, the file is cacerts.jks
and the alias is xws-security-client, assuming
that you have updated the GlassFish default certificate stores.

Client-Side Requirements

The following client-side options need to be configured for this security
mechanism:

Keystore: Configure the
keystore to point to the alias for the client certificate. For the GlassFish
Keystores, the file is keystore.jks and the alias is xws-security-client, assuming that you have updated the GlassFish
default certificate stores.

Truststore: Configure the
Truststore that contains the certificate and trusted roots of the server.
For the GlassFish truststores, the file is cacerts.jks and
the alias is xws-security-server, assuming that you have
updated the GlassFish default certificate stores.

When using an STS mechanism, the client specifies the Truststore and certificate
alias for the STS, not the service. For the GlassFish stores, the file is cacerts.jks and the alias is wssip.
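A pre-deployment check of the store wiring described above, written as an added example (not GlassFish or WSIT code): it loads both sides' keystore.jks and cacerts.jks, confirms that each side holds a private key under its own alias and that each truststore entry either equals, or is the issuer of, the certificate the peer will present. The directory names, the password "changeit" and the class name are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/** Sanity check for mutual-certificate keystore/truststore wiring (hypothetical helper). */
public class MutualCertStoreCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);          // wrong password or tampered store fails here
        }
        return ks;
    }

    /** Returns the certificate bound to a private-key entry; fails if the key is missing or locked. */
    static X509Certificate ownCert(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!(ks.getKey(alias, keyPassword) instanceof PrivateKey)) {
            throw new IllegalStateException("no private key under alias " + alias);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity();               // expired or not-yet-valid certs would fail at runtime
        return cert;
    }

    /** The peer's truststore must pin the presented certificate or hold its issuer. */
    static void checkPeerTrust(KeyStore trust, String alias, X509Certificate presented) throws Exception {
        if (!trust.isCertificateEntry(alias)) {
            throw new IllegalStateException("no trusted certificate under alias " + alias);
        }
        Certificate trusted = trust.getCertificate(alias);
        if (trusted.equals(presented)) {
            return;                          // leaf certificate pinned directly
        }
        presented.verify(trusted.getPublicKey()); // throws unless the trusted entry signed it
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // assumed store password; adjust for your stores
        KeyStore serverKs = load("server/keystore.jks", pw), serverTs = load("server/cacerts.jks", pw);
        KeyStore clientKs = load("client/keystore.jks", pw), clientTs = load("client/cacerts.jks", pw);

        X509Certificate serverCert = ownCert(serverKs, "xws-security-server", pw);
        X509Certificate clientCert = ownCert(clientKs, "xws-security-client", pw);
        checkPeerTrust(clientTs, "xws-security-server", serverCert); // client trusts the service
        checkPeerTrust(serverTs, "xws-security-client", clientCert); // service trusts the client
        System.out.println("mutual certificate stores are consistent");
    }
}
```

Any exception pinpoints the store and alias that is misconfigured before the first SOAP exchange is attempted.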

Require Derived Keys

A derived key is a cryptographic key created from a password or other
user data. Derived keys allow applications to create session keys as needed,
eliminating the need to store a particular key. Reusing the same session
key (for example, when using Secure Session) for repeated message exchanges
is sometimes considered a risk. To reduce that risk, enable Require Derived
Keys.

Select the checkbox to enable.

Establish Secure Session (Secure Conversation)

Secure Session establishes a shared security context between
the consumer and provider when a multiple-message-exchange sequence is first
initiated. Subsequent messages use (possibly derived) session keys that increase
the overall security while reducing the security processing overhead for each
message.